Research reveals prisons at risk from cyber attacks

Federal authorities are concerned after research has revealed that U.S. prisons are vulnerable to computer hackers, who could even be able to remotely open cell doors to aid jailbreaks. In a statement to the Washington Times, spokesman Chris Burke said the Federal Bureau of Prisons is "aware of this research and taking it very seriously."

The security systems in most prisons run using special computer equipment that utilizes industrial control systems (ICS) -- the same systems employed to control power plants, water treatment facilities and other critical infrastructure. ICS were in use in the Iranian nuclear power plant facility that was sabotaged successfully by the Stuxnet worm last year.

"You could open every cell door, and the system would be telling the control room they are all closed," said John Strauchs, a former CIA officer when speaking at the recent Miami Hacker Halted convention recently. He provided assistance in a cyber attack on the simulated prison computer systems as part of the research.

Strauchs, who is now a consultant aiding in the design of security systems for state and federal prisons, said it was even possible to destroy doors by overloading the electrical systems that control them, as well as crashing CCTV systems or shutting down prison-wide secure communications when attacking the security control systems that prisons employ.

Sean McGurk, who headed the Department of Homeland Security's efforts to secure the ICS said the department had looked into the claims and had "validated the researchers' initial assertion that they could remotely reprogram and manipulate" the software controllers running in the system.

Further investigations revealed that prison workers were actually using the secure systems to check personal emails, directly exposing them to potential hackers. In over 400 site inspections, researchers found every single facility had their systems connected to internet enabled networks. That said, Strauchs believes the mostly likely vector would be to bribe a prison guard to insert a USB drive with malicious programming, which could be ever harder to stop.